Pages

Monday, August 1, 2016

The new documentary movieZero Days, written and directed by Alex Gibney, is arguably the
most important movie of the present century. It is also one of particular relevance to
mathematicians for its focus is on the degree to which mathematics has enabled us to build
our world into one where a few algorithms could wipe out all human life within a few weeks.

In theory, we have all known this since the mid 1990s. As the film makes clear however, this is no
longer just a hypothetical issue. We are there.

Ostensibly, the film is about the creation and distribution of the computer virus Stuxnet, that in
2011 caused a number of centrifuges in Iran’s nuclear program to self-destruct. And indeed, for
the first three-quarters of the film, that is the main topic.

Most of what is portrayed will be familiar to anyone who followed that fascinating story as it
was revealed by a number of investigative journalists working with commercial cybersecurity
organizations. What I found a little odd about the treatment, however, was the degree to
which the U.S. government intelligence community appeared to have collaborated with the film-makers, to all intents and purposes confirming on camera that, as was widely suspected at the
time but never admitted, Stuxnet was the joint work of the United States and Israel.

The reason for the unexpected degree of openness becomes clear as the final twenty minutes
of the movie unfold. Having found themselves facing the very real possibility that small pieces
of computer code could constitute a human Doomsday weapon, some of the central players in
contemporary cyberwarfare decided it was imperative that there be an international awareness
of the situation, hopefully leading to global agreement on how to proceed. As one high ranking
contributor notes, awareness that global nuclear warfare would (as a result of the ensuing
nuclear winter) likely leave no human survivors, led to the establishment of an uneasy, but
stable, equilibrium, which has lasted from the 1950s to the present day. We need to do the
same for cyberwarfare, he suggests.

Mathematics has played a major role in warfare for thousands of years, going back at least to
around 250 BCE, when Archimedes of Syracuse designed a number of weapons used to fight
the Romans.

In the 1940s, the mathematically-driven development of weapons reached a terrifying new
level when mathematicians worked with physicists to develop nuclear weapons. For the first
time in human history, we had a weapon that could bring an end to all human life.

Now, three-quarters of a century later, computer engineers can use mathematics to build
cyberwarfare weapons that have at least the same destructive power for human life.

What makes computer code so very dangerous is the degree to which our lives today are
heavily dependent on an infrastructure that is itself built on mathematics. Inside most of the
technological systems and devices we use today are thousands of small solid-state computers
called Programmable Logic Controllers (PLCs), that make decisions autonomously, based on
input from sensors.

What Stuxnet did was embed itself into the PLCs that controlled the Iranian centrifuges and
cause them to speed up well beyond their safe range to the point where they simply broke
apart, all the while sending messages to the engineers in the control room that the system was
operating normally.

Imagine now a collection of similar pieces of code that likewise cause critical systems to fail:
electrical grids, traffic lights, water supplies, gas pipeline grids, hospitals, the airline networks,
and so on. Even your automobile – and any other engine-driven vehicle – could, in principle, be
completely shut off. There are PLCs in all of these devices and networks.

In fact, imagine that the damage could be inflicted in such a catastrophic and interconnected
way that it would take weeks to bring the systems back up again. With no electricity, water,
transportation, or communications, it would be just a few days before millions of people start
to die, starting with thousands of airplanes, automobiles, and trains crashing, and soon
thereafter doubtless accompanied by major rioting around the world.

To be sure, we are not at that point, and the challenge of a malicious nation being able to
overcome the difficulty of bringing down many different systems would be considerable –
though the degree to which they are interdependent could mitigate that “safety” factor to
some extent. Moreover, when autonomous code gets released, it tends to spread in many
directions, as every computer user discovers sooner or later. So the perpetrating nation might
end up being destroyed as well.

But Stuxnet showed that such a scenario is a realistic, if at present remote, possibility. (Not just
Stuxnet, but the Iranian response. See the movie to learn about that.) If you can do it once
(twice?), then you can do it. The weapon is, after all, just a mathematical structure; a piece of
code. Designing it is a mathematical problem. Unlike a nuclear bomb, the mathematician does
not have to hand over her results to a large, well-funded organization to build the weapon. She can create it
herself at a keyboard.

That raw power has been the nature of mathematics since our ancestors first began to develop
the subject several thousand years ago. Those of us in the mathematics profession have always
known that. It seems we have now arrived at a point where that power has reached a new
level, certainly no less awesome than nuclear weapons. Making a wider audience more aware
of that power is what Gibney’s film is all about. It’s not that we face imminent death by
algorithm. Rather that we are now in a different mathematical era.

Subscribe To

Follow by Email

About Me

The Mathematical Association of America is the world's largest community of mathematicians, students, and enthusiasts. We accelerate the understanding of our world through mathematics, because mathematics drives society and shapes our lives. Visit us at maa.org.